[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$feEaAyRb2s23SNvL7gb2pmRVB3l-r6NKNWy3O5R8-4fQ":3},{"slug":4,"name":5,"version":6,"author":7,"author_profile":8,"description":9,"short_description":10,"active_installs":11,"downloaded":12,"rating":13,"num_ratings":14,"last_updated":15,"tested_up_to":16,"requires_at_least":17,"requires_php":18,"tags":19,"homepage":24,"download_link":25,"security_score":26,"vuln_count":27,"unpatched_count":28,"last_vuln_date":29,"fetched_at":30,"vulnerabilities":31,"developer":48,"crawl_stats":37,"alternatives":52,"analysis":148,"fingerprints":206},"pj-news-ticker","PJ News Ticker","1.9.8","Primitiv Media","https:\u002F\u002Fprofiles.wordpress.org\u002Fnicolasmontigny\u002F","\u003Cp>\u003Cstrong>This plugin is now maintained by the developers at Primitiv Media\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>PJ News Ticker is a small plugin that shows your most recent posts in a marquee style.\u003C\u002Fp>\n\u003Cp>You can embed the news ticker anywhere you like using shortcodes.\u003C\u002Fp>\n","PJ News Ticker is a small plugin that shows your most recent posts in a marquee style.",3000,77789,90,6,"2025-04-30T02:35:00.000Z","6.8.0","4.6","",[20,21,22,23],"jquery-news-ticker","marquee","news-headlines","news-ticker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fpj-news-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fpj-news-ticker.zip",100,1,0,"2024-02-12 00:00:00","2026-03-15T15:16:48.613Z",[32],{"id":33,"url_slug":34,"title":35,"description":36,"plugin_slug":4,"theme_slug":37,"affected_versions":38,"patched_in_version":39,"severity":40,"cvss_score":41,"cvss_vector":42,"vuln_type":43,"published_date":29,"updated_date":44,"references":45,"days_to_patch":47},"CVE-2024-25094","pj-news-ticker-authenticatedcontributor-stored-cross-site-scripting-via-shortcode","PJ News Ticker \u003C= 1.9.5 - Authenticated(Contributor+) Stored Cross-Site Scripting via shortcode","The PJ News Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",null,"\u003C=1.9.5","1.9.6","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2024-10-15 11:50:00",[46],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F78b60dca-0225-43c8-b6cf-0213b1619b65?source=api-prod",246,{"slug":49,"display_name":7,"profile_url":8,"plugin_count":27,"total_installs":11,"avg_security_score":26,"avg_patch_time_days":47,"trust_score":50,"computed_at":51},"nicolasmontigny",79,"2026-04-04T00:42:45.340Z",[53,76,98,116,133],{"slug":54,"name":55,"version":56,"author":57,"author_profile":58,"description":59,"short_description":60,"active_installs":61,"downloaded":62,"rating":63,"num_ratings":64,"last_updated":65,"tested_up_to":66,"requires_at_least":67,"requires_php":68,"tags":69,"homepage":72,"download_link":73,"security_score":74,"vuln_count":27,"unpatched_count":28,"last_vuln_date":75,"fetched_at":30},"news-ticker-widget-for-elementor","News Ticker Widget for Elementor","1.3.7","Aezaz Shaikh","https:\u002F\u002Fprofiles.wordpress.org\u002Fshaikhaezaz80\u002F","\u003Cblockquote>\n\u003Cp>\u003Cstrong>Now, You can filter posts by selected category\u002Ftaxonomy\u003C\u002Fstrong>\u003Cbr \u002F>\n  \u003Cstrong>Now supports custom post types\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Cp>News ticker widget for elementor helps you showcase your latest news\u002Fposts in a marquee or slider format.\u003C\u002Fp>\n\u003Ch3>Features\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Control number of Posts to display\u003C\u002Fli>\n\u003Cli>Unlimited News Ticker on a single page, no script conflict\u003C\u002Fli>\n\u003Cli>Can \u003Cstrong>pause\u003C\u002Fstrong> news ticker on mouse hover so you can read or open the news post\u003C\u002Fli>\n\u003Cli>Show\u002Fhide initial lable for your news ticker that adds beauty to your news ticker\u003C\u002Fli>\n\u003Cli>Separate news posts with icon or texts or featured image or post date\u003C\u002Fli>\n\u003Cli>Total control over news ticker speed. Make it slow or fast 😉\u003C\u002Fli>\n\u003Cli>Set background color to make it look catchy\u003C\u002Fli>\n\u003Cli>Control spacing, text color, font-family for post title\u003C\u002Fli>\n\u003Cli>Unmilited posibilities…\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Demo\u003C\u002Fh4>\n\u003Cp>\u003Ca href=\"https:\u002F\u002Felementordemo.flickdevs.com\u002Felementor-news-ticker\u002F\" rel=\"nofollow ugc\">News ticker widget for Elementor\u003C\u002Fa>\u003C\u002Fp>\n\u003Cblockquote>\n\u003Cp>\u003Cstrong>More features coming soon\u003C\u002Fstrong>\u003Cbr \u002F>\n  \u003Cstrong>We update our plugins actively 🙂\u003C\u002Fstrong>\u003C\u002Fp>\n\u003C\u002Fblockquote>\n\u003Ch4>Technical Support\u003C\u002Fh4>\n\u003Cp>We’re active for any support issues and feature suggestions. You can post on our support forum here: \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Felementor-news-ticker\u002F\" rel=\"ugc\">support forum\u003C\u002Fa>\u003C\u002Fp>\n\u003Ch4>Want to create custom elementor widget\u002Faddon plugin for your WordPress website?\u003C\u002Fh4>\n\u003Cp>\u003Cem>Feel free to \u003Ca href=\"https:\u002F\u002Fflickdevs.com\u002Fcontact-us\u002F\" rel=\"nofollow ugc\">contact us\u003C\u002Fa> and we will make it for you 🙂\u003C\u002Fem>\u003C\u002Fp>\n","News ticker widget for elementor helps you showcase your latest news\u002Fposts in a marquee or slider format.",4000,37782,80,5,"2025-12-10T12:40:00.000Z","6.9.4","5.9","7.0",[70,21,22,23,71],"elementor-news-ticker","post-ticker","https:\u002F\u002Fflickdevs.com\u002Felementor\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fnews-ticker-widget-for-elementor.zip",99,"2025-01-07 00:00:00",{"slug":77,"name":78,"version":79,"author":80,"author_profile":81,"description":82,"short_description":83,"active_installs":84,"downloaded":85,"rating":13,"num_ratings":86,"last_updated":87,"tested_up_to":88,"requires_at_least":17,"requires_php":89,"tags":90,"homepage":93,"download_link":94,"security_score":95,"vuln_count":96,"unpatched_count":28,"last_vuln_date":97,"fetched_at":30},"simple-posts-ticker","Simple Posts Ticker – Easy, Lightweight & Flexible","1.1.6","Sayan Datta","https:\u002F\u002Fprofiles.wordpress.org\u002Finfosatech\u002F","\u003Cp>The Simple Posts Ticker plugin brings a lightweight, flexible and easy way to configure news ticker plugin to WordPress website. This plugin adds scrolling horizontal posts tickers to your site. It can be use as shortcode or PHP codes. You can customize every setting of this plugin in the admin dashboard.\u003C\u002Fp>\n\u003Ch3>Advantages of this plugin\u003C\u002Fh3>\n\u003Cul>\n\u003Cli>Lightweight jQuery.\u003C\u002Fli>\n\u003Cli>CSS Ticker Animation.\u003C\u002Fli>\n\u003Cli>Easy to configuration.\u003C\u002Fli>\n\u003Cli>Multi Post Support.\u003C\u002Fli>\n\u003Cli>Full RTL Support.\u003C\u002Fli>\n\u003Cli>Custom Post Types support.\u003C\u002Fli>\n\u003Cli>Select post by date\u002Fmodified date or randomly.\u003C\u002Fli>\n\u003Cli>Select posts by their category.\u003C\u002Fli>\n\u003Cli>Option to show a label before ticker.\u003C\u002Fli>\n\u003Cli>Option to customize all and everything.\u003C\u002Fli>\n\u003Cli>Supports localization.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Cp>Like Simple Posts Ticker plugin? Consider leaving a \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-posts-ticker\u002Freviews\u002F?rate=5#new-post\" rel=\"ugc\">5 star review\u003C\u002Fa>.\u003C\u002Fp>\n\u003Ch3>Shortcode instructions\u003C\u002Fh3>\n\u003Cp>Using default settings: \u003Cstrong>[spt-posts-ticker]\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cp>You can use some attributes to override the original settings. Please see plugin settings for detailed shortcode attributes.\u003C\u002Fp>\n\u003Ch4>Compatibility\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>This plugin is fully compatible with WordPress Version 4.6 and beyond and also compatible with any WordPress theme.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Support\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Community support via the \u003Ca href=\"https:\u002F\u002Fwordpress.org\u002Fsupport\u002Fplugin\u002Fsimple-posts-ticker\" rel=\"ugc\">support forums\u003C\u002Fa> at WordPress.org.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch4>Contribute\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Active development of this plugin is handled \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fsimple-posts-ticker\u002F\" rel=\"nofollow ugc\">on GitHub\u003C\u002Fa>.\u003C\u002Fli>\n\u003Cli>Feel free to \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Fiamsayan\u002Fsimple-posts-ticker\u002F\" rel=\"nofollow ugc\">fork the project on GitHub\u003C\u002Fa> and submit your contributions via pull request.\u003C\u002Fli>\n\u003C\u002Ful>\n","The Simple Posts Ticker plugin is a small tool that shows your most recent posts in a marquee style.",2000,23059,22,"2023-09-02T06:45:00.000Z","6.3.8","5.6",[91,21,22,23,92],"jquery-posts-ticker","posts-ticker","https:\u002F\u002Fwordpress.org\u002Fplugins\u002Fsimple-posts-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fsimple-posts-ticker.1.1.6.zip",84,2,"2023-09-25 00:00:00",{"slug":99,"name":100,"version":101,"author":102,"author_profile":103,"description":104,"short_description":105,"active_installs":106,"downloaded":107,"rating":28,"num_ratings":28,"last_updated":108,"tested_up_to":109,"requires_at_least":110,"requires_php":18,"tags":111,"homepage":113,"download_link":114,"security_score":115,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"advance-news-ticker","Advance News Ticker","1.0","Md Abunaser Khan","https:\u002F\u002Fprofiles.wordpress.org\u002Fjoyelkhan\u002F","\u003Cp>This plugin help you to view the latest posts or page on your website.This plugin also have three type of animation such as Fade Effects, Slide Effects. You can also control and adjust color and animation \u003Cstrong>Admin Panel\u003C\u002Fstrong>. You can display it from all Post or specific Page and much more!\u003C\u002Fp>\n\u003Ch4>Features Include\u003C\u002Fh4>\n\u003Cul>\n\u003Cli>Three type of animation.\u003C\u002Fli>\n\u003Cli>Display multi-functional data.\u003C\u002Fli>\n\u003Cli>Display from all, specific Post and Page.\u003C\u002Fli>\n\u003Cli>Exclude current News\u003C\u002Fli>\n\u003Cli>Control and adjust multi-color and animation Admin panel.\u003C\u002Fli>\n\u003C\u002Ful>\n\u003Ch3>Viw by Shortcode\u003C\u002Fh3>\n\u003Col>\n\u003Cli>General Options\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cpre>[advance_newsticker_shortcode]\u003C\u002Fpre>\n\u003Col>\n\u003Cli>Ticker Form Page, Post and Title\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cpre>[advance_newsticker_shortcode title=\"News\" per_page_item=\"3\" post_type=\"post\"]\u003C\u002Fpre>\n\u003Col>\n\u003Cli>Ticker Effects Options\u003C\u002Fli>\n\u003C\u002Fol>\n\u003Cp>\u003Cstrong>Available Ticker Effects Options\u003C\u002Fstrong>\u003C\u002Fp>\n\u003Cpre> {Fade, Slide Left, Slide Right, Slide Down, Slide Up }\u003C\u002Fpre>\n\u003Cpre>[advance_newsticker_shortcode effect_type=\"fade\"]\u003C\u002Fpre>\n","Provides flexible and advance news ticker. Display it via shortcode and more.",10,1619,"2018-07-09T05:22:00.000Z","4.9.29","4.0",[99,20,21,23,112],"ticker","http:\u002F\u002Fplugins.dhakaambulance.com\u002Fadvance-news-ticker\u002F","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fadvance-news-ticker.zip",85,{"slug":117,"name":118,"version":101,"author":119,"author_profile":120,"description":121,"short_description":122,"active_installs":106,"downloaded":123,"rating":28,"num_ratings":28,"last_updated":124,"tested_up_to":125,"requires_at_least":126,"requires_php":18,"tags":127,"homepage":131,"download_link":132,"security_score":115,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"bytecoder-news-ticker","Bytecoder News Ticker","Sayfur Rahman","https:\u002F\u002Fprofiles.wordpress.org\u002Fsayfur-rahman\u002F","\u003Cp>This plugin will enable your post as news ticker in your wordpress theme. You can embed news ticker via shortcode in everywhere you want, even in theme files.\u003C\u002Fp>\n\u003Cp>Wanna see how it works? Click here: http:\u002F\u002Fbytecoder.info\u002Fplugin\u002F?page_id=1715\u003C\u002Fp>\n","Bytecoder News Ticker is an awesome, super lightweight plugin for your wordpress website.",1652,"2014-10-04T04:58:00.000Z","4.0.38","3.0.1",[128,129,22,23,130],"headlines","jquery-effect","type-effect-jquery-news-ticker","http:\u002F\u002Fbytecoder.info","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fbytecoder-news-ticker.zip",{"slug":134,"name":135,"version":101,"author":136,"author_profile":137,"description":138,"short_description":139,"active_installs":106,"downloaded":140,"rating":141,"num_ratings":96,"last_updated":142,"tested_up_to":143,"requires_at_least":126,"requires_php":18,"tags":144,"homepage":146,"download_link":147,"security_score":115,"vuln_count":28,"unpatched_count":28,"last_vuln_date":37,"fetched_at":30},"lazy-news-ticker","Lazy News Ticker","raselahmed7","https:\u002F\u002Fprofiles.wordpress.org\u002Fraselahmed7\u002F","\u003Cp>This plugin will enable news ticker in your wordpress theme. You can embed news ticker via shortcode in everywhere you want, even in theme files.\u003C\u002Fp>\n\u003Cp>Wanna see how it works? Click here: http:\u002F\u002Flazypersons.com\u002Fplugins\u002Flazy-news-ticker\u002F\u003C\u002Fp>\n","Lazy News Ticker is an awesome, super lightweight plugin for your wordpress website.",2431,60,"2014-05-07T13:59:00.000Z","3.9.40",[128,145,22,23,130],"jquery-type-effect","http:\u002F\u002Flazypersons.com\u002Fplugins\u002Flazy-news-ticker","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Flazy-news-ticker.zip",{"attackSurface":149,"codeSignals":181,"taintFlows":196,"riskAssessment":197,"analyzedAt":205},{"hooks":150,"ajaxHandlers":174,"restRoutes":175,"shortcodes":176,"cronEvents":180,"entryPointCount":27,"unprotectedCount":28},[151,157,161,165,170],{"type":152,"name":153,"callback":154,"file":155,"line":156},"action","admin_init","initSettings","admin\\pj-news-ticker-admin.php",12,{"type":152,"name":158,"callback":159,"file":155,"line":160},"admin_menu","addOptionsPage",13,{"type":152,"name":162,"callback":163,"file":155,"line":164},"admin_enqueue_scripts","loadStyles",14,{"type":152,"name":166,"callback":167,"file":168,"line":169},"wp_enqueue_scripts","enqueueScripts","pj-news-ticker.php",181,{"type":152,"name":171,"callback":172,"file":168,"line":173},"wp_body_open","custom_content_after_body_open_tag",182,[],[],[177],{"tag":4,"callback":178,"file":168,"line":179},"renderNewsTicker",187,[],{"dangerousFunctions":182,"sqlUsage":183,"outputEscaping":185,"fileOperations":28,"externalRequests":28,"nonceChecks":28,"capabilityChecks":27,"bundledLibraries":195},[],{"prepared":28,"raw":28,"locations":184},[],{"escaped":141,"rawEcho":186,"locations":187},3,[188,191,193],{"file":168,"line":189,"context":190},266,"raw output",{"file":168,"line":192,"context":190},270,{"file":168,"line":194,"context":190},274,[],[],{"summary":198,"deductions":199},"The \"pj-news-ticker\" plugin v1.9.8 demonstrates a generally good security posture based on the provided static analysis. The absence of dangerous functions, raw SQL queries, file operations, and external HTTP requests is commendable. The high percentage of properly escaped output is also a strong positive indicator. However, the plugin does present a few areas of concern. The complete lack of nonce checks across all entry points is a significant weakness, as it leaves the plugin vulnerable to CSRF attacks if any functionality were to be modified or added without proper authorization checks in the future.  Furthermore, the historical vulnerability data indicates a past medium-severity Cross-Site Scripting (XSS) vulnerability, even though it is currently patched. This suggests a potential for input sanitization issues, and while the current static analysis didn't reveal any unsanitized taint flows, it is a pattern worth noting for future analysis.\n\nWhile the current version appears to have a limited attack surface and good coding practices in place, the historical XSS vulnerability and the complete absence of nonce checks are points that warrant caution. The plugin's strength lies in its limited attack surface and diligent output escaping. Its weakness lies in the potential for CSRF due to missing nonce checks and a past history of input sanitization issues. Overall, the plugin is in a relatively secure state for the analyzed version, but continuous monitoring and attention to these specific areas are advised.",[200,202],{"reason":201,"points":106},"Missing nonce checks on entry points",{"reason":203,"points":204},"Past medium severity CVE (XSS)",8,"2026-03-16T18:18:10.537Z",{"wat":207,"direct":216},{"assetPaths":208,"generatorPatterns":211,"scriptPaths":212,"versionParams":213},[209,210],"\u002Fwp-content\u002Fplugins\u002Fpj-news-ticker\u002Fpj-news-ticker.css","\u002Fwp-content\u002Fplugins\u002Fpj-news-ticker\u002Fpj-news-ticker.js",[],[210],[214,215],"pj-news-ticker\u002Fpj-news-ticker.css?ver=","pj-news-ticker\u002Fpj-news-ticker.js?ver=",{"cssClasses":217,"htmlComments":219,"htmlAttributes":220,"restEndpoints":246,"jsGlobals":247,"shortcodeOutput":248},[4,218],"pjnt",[],[221,222,223,224,225,226,227,228,229,230,231,232,233,234,235,236,237,238,239,240,241,242,243,244,245],"data-speed","data-gap","data-hide-if-empty","data-target","data-bg-color","data-label-bg-color","data-label-text-color","data-font-url","data-font-family","data-post-type","data-num-posts","data-post-cat","data-show-label","data-label-text","data-no-content-text","data-show-excerpt","data-override-posts","data-override-posts-custom-colour","data-override-posts-custom-text","data-override-posts-custom-text-colour","data-override-posts-custom-text-url","data-custom-separator","data-custom-separator-image","data-custom-separator-width","data-custom-separator-condition",[],[218],[]]